LinuxCommandLibrary

openssl-pkcs12

creates and parses PKCS#12 files

TLDR

Create PKCS12 from cert and key

$ openssl pkcs12 -export -out [certificate.p12] -inkey [private.key] -in [certificate.crt]
copy
Include CA chain
$ openssl pkcs12 -export -out [cert.p12] -inkey [key.pem] -in [cert.pem] -certfile [ca-chain.pem]
copy
Extract certificate
$ openssl pkcs12 -in [certificate.p12] -clcerts -nokeys -out [certificate.crt]
copy
Extract private key
$ openssl pkcs12 -in [certificate.p12] -nocerts -out [private.key]
copy
Extract all to PEM
$ openssl pkcs12 -in [certificate.p12] -out [all.pem] -nodes
copy

SYNOPSIS

openssl pkcs12 [options]

DESCRIPTION

openssl pkcs12 creates and parses PKCS#12 files (.p12, .pfx). These files bundle private keys, certificates, and CA chains into a single encrypted file.
Commonly used for importing/exporting certificates in browsers and applications.

PARAMETERS

-export

Create PKCS12 file.
-in file
Input file.
-out file
Output file.
-inkey file
Private key file.
-certfile file
Additional certificates.
-nokeys
Don't output keys.
-nocerts
Don't output certs.
-nodes
Don't encrypt output.
-name name
Friendly name.

COMMON USES

$ - Export from browser/keychain
- Import to Java keystore
- Certificate backup
- Cross-platform transfer
copy

CAVEATS

PKCS12 passwords can be brute-forced. Use strong passwords. Legacy format uses weak encryption by default.

HISTORY

PKCS#12 is a standard from RSA Laboratories, widely supported for portable certificate storage.

SEE ALSO

openssl-x509(1), openssl-rsa(1), keytool(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community